csaf_redhat - rhsa-2025:3670

rhsa-2025:3670

Vulnerability from csaf_redhat

Published

2025-04-08 00:15

Modified

2025-08-06 05:22

Summary

Red Hat Security Advisory: redhat-ds:12 security update

Notes

Topic

An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 EUS for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration. Security Fix(es): * 389-ds-base: null pointer dereference leads to denial of service (CVE-2025-2487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 EUS for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.\n\nSecurity Fix(es):\n\n* 389-ds-base: null pointer dereference leads to denial of service (CVE-2025-2487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:3670",
        "url": "https://access.redhat.com/errata/RHSA-2025:3670"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2353071",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353071"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3670.json"
      }
    ],
    "title": "Red Hat Security Advisory: redhat-ds:12 security update",
    "tracking": {
      "current_release_date": "2025-08-06T05:22:34+00:00",
      "generator": {
        "date": "2025-08-06T05:22:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2025:3670",
      "initial_release_date": "2025-04-08T00:15:08+00:00",
      "revision_history": [
        {
          "date": "2025-04-08T00:15:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-04-08T00:15:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-06T05:22:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Directory Server 12.4 EUS for RHEL 9",
                "product": {
                  "name": "Red Hat Directory Server 12.4 EUS for RHEL 9",
                  "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:directory_server_eus:12.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Directory Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-ds:12:9040020250325181857:1674d574",
                "product": {
                  "name": "redhat-ds:12:9040020250325181857:1674d574",
                  "product_id": "redhat-ds:12:9040020250325181857:1674d574",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds@12?rpmmod=redhat-ds:12:9040020250325181857:1674d574"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
                "product": {
                  "name": "cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
                  "product_id": "cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-389-ds@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
                "product": {
                  "name": "python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
                  "product_id": "python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-lib389@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src",
                "product": {
                  "name": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src",
                  "product_id": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                "product": {
                  "name": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_id": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                "product": {
                  "name": "389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_id": "389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-debuginfo@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                "product": {
                  "name": "389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_id": "389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-debugsource@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                "product": {
                  "name": "389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_id": "389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-devel@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                "product": {
                  "name": "389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_id": "389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-libs@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                "product": {
                  "name": "389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_id": "389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                "product": {
                  "name": "389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_id": "389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-snmp@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                "product": {
                  "name": "389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_id": "389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@2.4.5-12.module%2Bel9dsrv%2B22976%2B238a2ead?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
        },
        "product_reference": "redhat-ds:12:9040020250325181857:1674d574",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src"
        },
        "product_reference": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64 as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64"
        },
        "product_reference": "389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64 as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64"
        },
        "product_reference": "389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64 as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64"
        },
        "product_reference": "389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64 as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64"
        },
        "product_reference": "389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64 as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64"
        },
        "product_reference": "389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64 as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64"
        },
        "product_reference": "389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64 as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64"
        },
        "product_reference": "389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64 as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64"
        },
        "product_reference": "389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch"
        },
        "product_reference": "cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch as a component of redhat-ds:12:9040020250325181857:1674d574 as a component of Red Hat Directory Server 12.4 EUS for RHEL 9",
          "product_id": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch"
        },
        "product_reference": "python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
        "relates_to_product_reference": "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-2487",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2025-03-18T02:20:00.627000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2353071"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "389-ds-base: null pointer dereference leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this as a Moderate severity since the impact is limited to privileged users who can perform the operations, leading to an impact on server Availability.\n\nThis issue is not reproducible in Red Hat Enterprise Linux (RHEL) 10 due to the way the RHEL 10 database write operations are serialized, therefore, it is not affected.\n\n389-ds-base has been fixed in RHEL 9.5. Starting from RHDS 12.5, it uses 389-ds-base from RHEL-9.5. Hence, it\u0027s actually not-affected and fix will be picked after rebase from RHEL-9.5.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
          "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2353071",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353071"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-2487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2487"
        }
      ],
      "release_date": "2025-03-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-04-08T00:15:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3670"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.src",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-debugsource-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-devel-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-libs-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:389-ds-base-snmp-debuginfo-0:2.4.5-12.module+el9dsrv+22976+238a2ead.x86_64",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:cockpit-389-ds-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch",
            "BaseOS-9.4.0.Z.EUS-DirSrv-12.4-EUS:redhat-ds:12:9040020250325181857:1674d574:python3-lib389-0:2.4.5-12.module+el9dsrv+22976+238a2ead.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "389-ds-base: null pointer dereference leads to denial of service"
    }
  ]
}

CVE-2025-2487 (GCVE-0-2025-2487)

Vulnerability from cvelistv5

Published

2025-03-18 16:25

Modified

2025-08-06 05:18

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Summary

A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:3663	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:3670	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4491	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:7395	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-2487	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2353071	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

►

Version: 2.4.0   ≤ 2.4.6
Version: 2.5.0   ≤ 2.5.3
Version: 2.6.0   ≤ 2.6.1
Version: 3.0.0   ≤ 3.0.6

Red Hat	Red Hat Directory Server 12.4 EUS for RHEL 9	Unaffected: 9040020250325181857.1674d574 < * cpe:/a:redhat:directory_server_eus:12.4::el9
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.5.2-9.el9_5 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.6.1-8.el9_6 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.4.5-14.el9_4 < * cpe:/a:redhat:rhel_eus:9.4::crb cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Directory Server 12	cpe:/a:redhat:directory_server:12
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8

Show details on NVD website